getEffectivePermissions function

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Retrieves the effective permissions of the currently authenticated user

Prerequisites

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from most to least privileged)
Delegated (work or school account)
    Role-based access control DeviceManagementRBAC.ReadWrite.All, DeviceManagementRBAC.Read.All
Delegated (personal Microsoft account) Not supported.
Application Not supported.

HTTP Request

GET /deviceManagement/getEffectivePermissions

Request headers

Header Value
Authorization Bearer <token> Required.
Accept application/json

Request body

In the request URL, provide the following query parameters with values. The following table shows the parameters that can be used with this function.

Property Type Description
scope String Not yet documented

Response

If successful, this function returns a 200 OK response code and a rolePermission collection in the response body.

Example

Request

Here is an example of the request.

GET https://graph.microsoft.com/v1.0/deviceManagement/getEffectivePermissions(scope='parameterValue')

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 471

{
  "value": [
    {
      "@odata.type": "microsoft.graph.rolePermission",
      "actions": [
        "Actions value"
      ],
      "resourceActions": [
        {
          "@odata.type": "microsoft.graph.resourceAction",
          "allowedResourceActions": [
            "Allowed Resource Actions value"
          ],
          "notAllowedResourceActions": [
            "Not Allowed Resource Actions value"
          ]
        }
      ]
    }
  ]
}